Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things

Re^7: Any security holes?

by haj (Priest)
on Jun 28, 2022 at 13:43 UTC ( #11145148=note: print w/replies, xml ) Need Help??

in reply to Re^6: Any security holes?
in thread Any security holes?

Your script attempts to write tainted data to the filesystem. Running in taint mode protects you from doing this ...

This is not how taint mode works. You can write tainted data to the file system just fine. It is passing tainted data to the OS (via the file system, starting processes and the like) where taint mode kicks in.

A frequent path to taint failures is whenever environment variables like e.g. $ENV{HOME} or $ENV{TMP} are used by Perl modules. This may also differ between platforms. For example, my current Linux desktops don't even have $ENV{TMP} defined, whereas on Windows it is usually set.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://11145148]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (3)
As of 2023-04-02 02:50 GMT
Find Nodes?
    Voting Booth?

    No recent polls found